For a while now I have only been updating this LiveJournal account through cross-posting from own website, Organised Adversary.

Recently that cross-posting has stopped working. This is because LiveJournal has become such a large source of spam that mail.livejournal.com is on the SpamhausDomain Block List. Until the LiveJournal administrators can effectively deal with comment spam, which is frequently emailed to users, it is likely that the livejournal.com mail servers will remain on the Spamhaus blacklist.

Until this cross-posting/blacklist issue is resolved, I'll try to remember to post links to new posts here, but LJ is no longer at the forefront of my mind. I'd prefer people to subscribe to the RSS feed (or use the syndicated feed).

My site supports OpenID authentication, which means you can use your LiveJournal account to comment on any posts on Organised Adversary.

I am changing my OpenPGP/GPG key from this one to this one. Both keys are also available here and a proper key transition statement is here.

I have updated all the contact points on this website, but not the legacy site that is still kicking around. I have also signed the SSL statement with the new key that is mentioned in the About page.

It is important to note that the old key is not compromised and will remain active for some time. There are several reasons for the switch, but one of the main ones was my increasing discomfort at using a 1024-bit signing and certification master key. The new key has a much larger certification key and a separate signing subkey, as well as a separate encryption subkey.

I had previously intended to wait for ECC and the finalisation of the SHA-3 selection process before updating my old key, but I am no longer convinced that that was the best idea. Hence the change.

Last week the complete unredacted diplomatic cables obtained by WikiLeaks last year were revealed to the world following a series of events involving WikiLeaks, the Guardian and possibly others. There has been much finger pointing regarding who is to ultimately blame for this, which is essentially pointless. The deed is done and the information is out. A couple of days later WikiLeaks, under the direction of Julian Assange, elected to update their Cablegate site with the unredacted data and provide a full mirror archive [torrent] and PostgreSQLdatabase copy [torrent].

Already there are interesting revelations being brought to international attention by the latest data releases. There are also very valid concerns regarding the safety of intelligence sources, victims of crime and political dissidents who are identified in the cables. Amongst these have been the revelation that one or more cables identify current Australian intelligence officers, as reported in The Age and The Sydney Morning Herald.

Last Friday a statement [PDF] was made by Robert McClelland, the Australian Attorney-General, regarding this fact and confirming that the Australian Security Intelligence Organisation (ASIO), along with other agencies, were reviewing the material. Mr. McLelland reiterated that Section 92 of the Australian Security Intelligence Organisation Act 1979 (ASIO Act) makes it a crime to “publish or cause to be published in a newspaper or other publication, or by radio broadcast or television, or otherwise make public, any matter stating, or from which it could reasonably be inferred, that a person having a particular name or otherwise identified, or a person residing at a particular address, is an officer (not including the Director-General), employee or agent of the Organisation or is in any way connected with such an officer, employee or agent or, subject to subsection (1B), is a former officer (not including a former Director-General), employee or agent of the Organisation or is in any way connected with such a former officer, employee or agent.” That second part is obviously aimed at protecting the families of ASIO employees, while subsection 1B deals with exceptions where former officers have consented to their previous employment being made public.

This has led to speculation that Julian Assange could face prosecution under Section 92 of the ASIO Act. There may be the possibility of additional charges relating to officers of other Australian agencies, such as the Office of National Assessments (ONA) or the Australian Secret Intelligence Service (ASIS). In adition to the cable referred to by The Age and The Sydney Morning Herald there is at least one cable which lists the names of a number of senior ONA analysts and there may be more buried amongst the quarter of a million cables.

One of the problems facing any Australian prosecution in this matter will be whether or not charges can be laid based on the sequence of events. The initial revelations of the complete data came from a GPG encrypted file which had been available online via BitTorrent for several months and which was decrypted using a passphrase published by the Guardian. Each on its own could not reveal the information, they had to be used together to obtain the data. If charges were to be laid related to that, who would be charged? Julian Assange for creating the encrypted file? Another WikiLeaks staffer for putting it on BitTorrent? David Leigh and Luke Harding at the Guardian for publishing the decryption passphrase in WikiLeaks: Inside Jullian Assange’s War on Secrecy? John Young at Cryptome for providing the decrypted CSV file? Raymond Hill at Cablegate Search for using that data in his online database? Others?

That’s just dealing with the initial release of the data. The next question is whether or not Julian Assange or others involved with WikiLeaks can be charged for effectively republishing the data after it has already been decrypted by others? No doubt this is something which Australian Commonwealth prosecuters will consider following the reviews of the diplomatic cables being conducted by ASIO and others.

On Sunday the Attorney-General followed the national security theme with a statement [PDF] announcing a new national security awareness campaign promoting the National Security Hotline (NSH). The NSH was introduced in 2002 by the Howard Government and the initial advertising campaign in 2003 featured much derided fridge magnets for every household.

What is unclear about the latest NSH advertising campaign is whether it was already planned, whether or not it is in response to or accelerated due to the release of the unredacted cables or whether it is part of a push to turn public opinion against WikiLeaks. When the cables were being dribbled out with effort taken to redact information that could identify people at risk of violence or retaliation it was difficult for many people to take the government’s objection too seriously. The complete release last week changes that scenario completely and the publication has been condemned by the traditional media organisations, which had previously worked with WikiLeaks to redact and publish the cables. It is possible that the Attorney-General’s department views an elevation of national security in the public consciousness will make it easier for people to draw the conclusion that the cable publication and, by extension, WikiLeaks is to be condemned.

Regardless of one’s opinions of Julian Assange and WikiLeaks, either for or against, the fact is that the facility to provide a platform for the global release of sensitive material has been a major change for both national and international politics. It has shifted the concentration of power in ways which governments are not used to. They are beginning to learn a similar lesson to that of the media: that the people formerly known as the audience are able to actively engage to a greater extent than previously possible. Not only are people able to do this, but they actually do it.

As I type this there are people around the globe pouring through the released cables looking for interesting information. Some of the results are published by traditional media outlets, some are blogged about and some are included in the running commentary on Twitter or other social media networks. Most people refer to the latter as crowd-sourcing, but governments and intelligence agencies refer to it as open source intelligence. It is another example of ordinary citizens being able to level a playing field which has previously been restricted to governments, intelligence agencies, law enforcement and corporations with the budgets necessary to obtain and mine vast amounts of data. This shift is, unsurprisingly, of real concern to those organisations which have traditionally maintained a monopoly on information.

As a consequence, moves by governments around the world to attempt to limit or discourage this power shift are to be expected. Where that coincides with existing national security legislation, such as that protecting intelligence officers here in Australia, a link is able to be drawn between the power shift and a subtext of potential sedition. It’s not quite accusing anyone engaged in any aspect of the shift in power and sharing (versus control) of information of treason, but it is a manner of presenting opposition to people doing so as in the interests of national security. It is a subtle and dangerous approach to the changing nature of politics and intelligence, which could backfire. Yet it is one which will be pursued by any government seeking to maintain a concentration of power; that being, all of them.

It also won’t work, not completely, that genie is well and truly out of the bottle. The governments, intelligence agencies, law enforcement and corporations already know this; their game is now to limit anything which they see as potentially damaging. The extent of their success or failure in this will only become apparent over time; not just in relation to the various releases from WikiLeaks, but also information which will be released by other sources and organisations in the future.

There are new players in the Great Game of international politics, players who were previously viewed almost entirely as pawns. It will be very interesting to see how it plays out as the power and the rules shift.

As with the OzCar Affair of two years ago, the issue here relates more to the verification that an email has not been tampered with rather than protecting the content from prying eyes. Thus it is a digital signature which would have been of use to Freebody in this case. Had he already been using OpenPGPcompliant software to sign his emails, such as PGP or GPG, Freebody could have proven that the change to his email after signing and sending it was made by someone else, without needing to identify or, in this case, embarass that person.

The reports regarding the case of Paul Freebody are a little unclear as to whether the modified email had been sent from his computer or whether a family member who had received the email modified it and then forwarded it on. Regardless of which of those two alternatives it was, the regular use of a digital signature would have helped.

If the email had been modified on Mr. Freebody’s computer before it was sent, the prompt to sign the message would have prevented message from being sent without the relevant passphrase. If the relative had removed the signing option then Mr. Freebody could have pointed to the lack of the signature as a certain level of proof that he did not send that email.

Had the email been signed and a recipient modified the content before forwarding it to others, the signature would not validate for that message and Mr. Freebody could then have pointed to that as proof that the message had been altered. In this case Mr. Freebody could have provided a copy of the original message with the valid signature for comparison.

This is the second time in as many years in which a forged or modified email has resulted in a scalp being claimed in Australian politics; yet the tools to prevent it have been available for two decades and standardised since the late 1990s. Since that time the ease of using email encryption and signatures, particularly with the combination of Thunderbird, GPG and Enigmail, has been improved considerably.

Until people in public life start using at least this aspect of cryptographic technology, even if they don’t actually encrypt their email, these kind of scandals will continue to occur.

On the 15th of June Mr. Stuchbery posted an article about a graphic novel, Man Hunters published by ACCESS Publishing International, a division of ACCESS Ministries. The original article included several images from the graphic novel and a link to a PDF of the complete article.

On the 17th of June Mr. Stuchbery received a letter from Moores Legal stating that the post of the graphic novel and any part of it was a breach of copyright. The letter demanded the removal of the graphic novel PDF, the deletion of any copies of same, the removal of any images from the PDF and the deletion of the entire article which included this content. The letter, which Mr. Stuchbery posted, included a deadline of 5:00pm on June 22nd.

Mr. Stuchbery complied with the request to remove the PDF and all of the images, except for a single panel. The other panels were replaced with transcripts of the dialogue. He cited the “fair use” (actually it is “fair dealing”) provisions of the Copyright Act 1968 for the purpose of the critique which comprises the remainder of his article.

In spite of this compliance, Mr. Stuchbery’s posting access to his site was disabled by WordPress.com before the deadline set by Moores Legal. This indicates that the purpose of this action is not simply to protect the material published by ACCESS Ministries, but to silence one of their critics. If it were purely concerned with the copyright issue then the deadline would have been honoured, as would the fair dealing provisions of the Copyright Act 1968. Instead moves were made to report Mr. Stuchbery’s site for copyright infringement to his hosting provider before that, the result being suspension of updates well before the deadline. According to Mr. Stuchbery he discovered the suspension more than nine hours prior to the deadline.

This type of use of copyright law by organisations, especially religious organisations, to stifle dissent is nothing new. The Church of Scientology is well practiced at using precisely this tactic to silence their critics and have done so to great effect for many years. Now ACCESS Ministries are taking their turn at using copyright law to censor their opposition. This case is a little different from many of the Scientology ones in one crucial respect; the criticism of ACCESS Ministries and their teaching material does not relate purely to their internal policies and behaviour, as much of the Scientology criticism does, it relates to material used by ACCESS Ministries chaplains in a government funded program for secular schools. As such, criticism of the policy and of any content used in the delivery of that policy should be protected by the impliedright to free political speech. This relates to both the High Court rulings regarding freedom of political speech inferred from the AustralianConstitution and various international treaties which Australia has ratified, most notably the International Covenant on Civil and Political Rights.

With this action ACCESS Ministries have proven their complete disregard for the civil rights of those who do not agree with them. They have shown their willingness to resort to any means available to silence any and all opposition and criticism.

Six months ago Victoria went to the polls and elected a Liberal-National Coalition government, led by Ted Baillieu, with a (slim) majority in both houses of parliament. After more than a decade of Labor government, this was not entirely unexpected. Due to electoral reforms made by the previous Labor government, there will be another three and a half years before another election will be held.

The change in government has led to a drastic change in the tone of governance in Victoria. Three of the changes which particularly illustrate this are a review of the Charter of Human Rights and Responsibilities Act 2006 with a possible result of watering down or even repealing the Act, on the spot fines for “indecent” language and the controversial introduction of legalising discrimination for groups not wishing to employ, service or otherwise interact with individuals with life styles or traits they object to. That last one essentially translates to: some Christian organisations want support for prejudice against single mothers, non-believers, people of different faiths, divorced people and, of course, the entire LGBTI community.

Those aren’t the only things on the agenda, there are assorted other law-and-order policies currently being pushed by Baillieu and Attorney-General Robert Clark, including mandatory sentencing for sixteen and seventeen year-old violent offenders. Still, this is only six months into a four year term. It is clear that Baillieu and Clark are aiming for significant changes to Victoria’s legislative powers before the voters have a chance to oppose them. Perhaps this would be more understandable if the policies presented to the public by the Coalition had included this significant law-and-order focus; but, with the exception of the fairly standard comments about recruiting more police, this was not the case.

It is clear that the Baillieu-Clark agenda, beginning with the reduced emphasis on human rights, is to forge a far more conservative and controlled Victoria. The first step is to reduce the rights previously granted to Victorians. The second step is to introduce law-and-order policies which may appeal to some sections of the community without appearing too controlling to the general punter, but which actually undermine civil liberties significantly. The third step is to provide greater power to certain interest groups at the expense of minorities.

So what can we expect in the future? I expect there will be considerably more similar action in the future. Most likely this will include anti-association legislation, which is normally labelled as “anti-bikie” legislation and which has been adopted in South Australia and New South Wales. Whenever politicians and police discuss legislation like this they are careful to focus on one section of the community, in this case “criminal organisations” and motorcycle clubs, but the reality is that the legislation is never so specific and can be used against any organisation or group of people. Currently the Charter of Human Rights and Responsibilities Act prevents such anti-association legislation from being passed in Victoria, but a repeal of that Act or reduction in its scope may open this door.

No doubt there will be more than this in just the next year or two, given the changes pushed in just the last six months. By the time of the next election in November 2014, the changes in Victoria could be tremendous.

Over the course of the better part of the last couple of decades I have developed certain skills which have helped (or tried to help) various friends through the trauma of sexual assault and rape. Most of these skills stem from little things like listening and not judging. Not to mention reigning in the temptation to go off half-cocked, as it were, and form a possé to go rapist hunting. After all, who would that really benefit?

I would like nothing more than to never have the need to use these skills again. That’s why I support SlutWalk, even though I was a little too ill to attend today’s one.

There will be a scheduled outage for adversary.org from midnight of the morning of Monday the 18th of April. This is due to a change in IP address resulting from a change with the Internode ADSL link.

This change will affect all services including DNS, mail and web. I have made changes to minimise the length of this outage, but it could last from 2-24 hours. The outage will begin whenever the Internode change goes through, probably 12:30am AEST.

I have started experimenting with BitCoin, which is a relatively new form of digital currency. It’s an interesting idea and design which cuts out all the usual middlemen in online payments through a peer-to-peer network, though the price of that is being unable to obtain a refund of a transaction (e.g. a chargeback).

It does, however, provide a method of performing transactions which are simultaneously transparent and anonymous. Users create BitCoin addresses, which are a hash of relevant data (and appear like this: 19E4GYgVJrpSZ4kDnNB7NxdEFed8U13Aq5). A user can create as many such addresses as they wish, even to the extent of creating a new address for each transaction. So even though an address and associated transactions can be viewed by anyone it is still very difficult to determine the parties involved, if not impossible.

So what’s the point? Well, aside from the currency being unable to be manipulated by the normal state based actors (e.g. the Reserve Bank of Australia or the US Federal Reserve), there are a small, but growing number of people and sites accepting BitCoin payments. There is also currency trading between BitCoin and state currencies, as well as sites like CoinCard which enables purchasing BitCoins through PayPal or converting BitCoins to PayPal funds.

This means that it provides a very real method of exchanging money with no real state based scrutiny. This would certainly appeal to people who may wish to disguise what a certain transaction actually involved or who the parties involved were. While many people may assume that only certain illegal transactions (e.g. drugs and arms trafficking) would benefit from this, there are actually plenty of others. One obvious example of often legal, but potentially embarassing, transactions is the sex industry. Really, though, any transaction in which one or both of the parties involved wants a degree of privacy can benefit from BitCoin.

Some governments might raise the spectre of tax evasion via BitCoin, but that is easily countered. When converting BitCoin currency to one’s local currency and bank account, it becomes income which would be declared like any other and the tax paid on that income. Even without converting the BitCoin currency to the local currency of a recipient it would still be possible using the BitCoin currency markets to calculate the tax owed on any given transaction. Other alternative currencies, like Barter Card, have already found methods of addressing tax related issues and they are not insurmountable.

Given the level of distrust with a number of currencies, particularly following the global financial crisis, BitCoin has the potential to gain more than just a handful of computer geek users. Especially since the software is simple to use and available for Windows, Mac and Linux. The source code is also available to guarantee transparency of the entire system.

I have, of course, installed it and obtained a tiny amount of BitCoin currency using the BitCoin Faucet to see just how easy it is to use. The answer is that it is very easy to use. The example BitCoin address I included in this post (19E4GYgVJrpSZ4kDnNB7NxdEFed8U13Aq5) is an active one I generated using the software. It did not take very long to generate and could be used by anyone to send BitCoin donations or payments to me, not that I really expect that to happen. That, however, is all it takes: providing an address hash to another party to send a payment through.

As with any other online payment method, BitCoin can be configured to accept payments via a web server. Alternatively the free MyBitCoin service can be used to accept online payments through BitCoin on a commerce site quickly and easily. The advantage there is not having to worry about maintaining one’s own BitCoin payment code to integrate with an existing shopping card. The disadvantage is that the BitCoin wallet is stored on the MyBitCoin servers instead of one’s own system, although this disadvantage can be minimised by automatically forwarding payments to a local BitCoin address.

All things considered, I think this particular implementation of a virtual currency has great potential, depending on the degree to which it is adopted.

This treaty deals with a number of matters, some of which are just designed to address issue which are already illegal, such as child pornography and pædophilia, just with a technological slant. Some of it relates to computer or network specific crimes, such as computer intrusion and denial of service attacks. Some of it, however, deals with expanding the powers of law enforcement agencies to intercept data traffic and to retain logs of all online activity for possible future use by law enforcement.

Colin Jacobs, from Electronic Frontiers Australia, attempts to address some of the many ways this treaty will adversely affect civil liberties and privacy issues in particular. While Nigel Phair, from the Surete Group, promoted the opinions of law enforcement for what they believe they need to investigate cases online.

There are details of the Australian review of this treaty are on the Attorney-General’s website and will be accepting submissions until the close of business on Monday the 14th this month.

It appears highly likely that moves to prepare Australia to sign the Convention on Cybercrime will be used to enact contentious issues like data retention policies in Australia. So anyone wishing to prevent that should strongly consider sending a submission to the Attorney-General’s Department review.

Should Australia sign this treaty and/or introduce data retention policies, then some people may wish to consider various methods of circumventing that policy. Fortunately some of the same methods which can be used to bypass Internet censorship, such as using a VPN and Tor, can also be used to circumvent the data retention policies.

The Australian government is now on track to possibly branding the national plant (this acacia contains less than 0.02% alkaloids and it is currently unknown whether or not it is possible to derive psychoactive compounds from it), along with thousands of other native plants, illegal. This is apparently part of a move to create uniform anti-drug legislation across the country. All the plants targetted by this new legislation contain or produce chemicals which are either drugs or drug precursors which are either illegal in Australia or which the government intends to make illegal.

Personally I think this current move is ridiculous. As someone of a more libertarian bent, I think that people ought to be able to do whatever they like, including drugs, as long as the choice is freely made and does not impinge on the rights of others. Ideally that choice should be made only with a thorough understanding of the risks involved. I realise, of course, that most people in this world, especially politicians and law enforcement do not agree with me. So putting aside my views regarding personal freedom aside for the moment, this particular change in legislation is still ridiculous for the following reasons:

Most of the chemicals listed which can be made from Australian plants are already illegal; the actions required to produce drugs like N,N-Dimethyltryptamine (DMT) are already covered by existing legislation. Legislating against plants such as acacias and cacti won’t make any real difference to the current illegality of DMT or mescaline.

Most of the plants affected by this proposed legislation are incredibly common throughout the country, on both public and private land. It is quite likely that this will directly affect the gardens of a vast number of Australians, most of whom won’t even know (or care) the exact species of plants on their property. Likewise most of them won’t know (or care) that boiling the bark off several trees of these plants might produce a compound that will make someone vomit and then hallucinate (or vice-versa).

Most, if not all, of the drugs being targetted by this legislation do not produce the same type of anti-social effects as alcohol or a number of synthetic drugs.

The plants will not be able to be eradicated.

Attempting to destroy the native plants proscribed by this legislation will have an adverse affect on the environment. Consider, for a moment, the number of acacias which produce flowers and how many bees visit those flowers to collect pollen to produce honey. That’s just one little link and there are many, many more.

Yet the Attorney-General wishes to make the growing and sale of thousands of Australian flora as illegal as marijuana.

As with most, if not all, government consultations and inquiries, submissions are accepted from the public. The closing date for this one is Friday the 11th of March.

Ross Fitzgerald has an interesting piece in The Australian today on the current state of censorship in Australia; in particular regarding the four inquiries into the classification system. It is definitely worth reading.

Australia’s current laws governing censorship and classification are archaic and byzantine; more often reflecting the views of conservative religious groups than the general populace. Reading some of the comprehensive material on Australian censorship on Irene Graham’s website, Libertus, provides an idea of the extent of this and the conflicts between the federal and state classification systems.

Senator Guy Barnett from Tasmania, the apparent spiritual successor to the notorious Brian Harridine when it comes to censorship, is the driving force behind the current Senate Inquiry into the Australian film and literature classification scheme. The terms of reference for this inquiry indicate a review which will lean towards a conservative finding. For example, one of the earliest points (c), refers to enforcement and reports to law enforcement. Another point (f), refers to “the impact of X18+ films, including their role in the sexual abuse of children;” rather than simply “the impact of X18+ films;” that is what is known as a leading statement. This inquiry wants submissions which cater to the assumptions of Senator Barnett and the pro-censorship lobby, instead of representing the views of all Australians. Still another point (e) is aimed at applying rigorous censorship legislation to all content, including art, presumably in response to the debacle following the suppression of Bill Henson’s exhibition at the Roslyn Oxley9 Gallery in 2008. The inquiry is aimed at applying censorship to outdoor advertising (h), music videos (i), song lyrics (j), television (l), the Internet (l) and mobile devices (m), amongst other areas not previously covered or covered by a specific inquiry (o).

The major classification review, though, is the Australian Law Reform Commission‘s National Classification Review, which was announced on the 21st of December last year by the Attorney-General and the Minister for Home Affairs. This one is unlikely to be completed before 2014 and seeks to be the most comprehensive review of Australia’s classification systems in decades.

The Senate Inquiry into the Australian film and literature classification scheme is due to report on the 30th of June and the deadline for submissions is the 4th of March. The Measures to increase accountability and transparency for Refused Classification material review closed its submission date last year. The close of submissions for the Convergence Review was the 28th of January. While dates for the ALRC’s National Classification Review and Senator Conroy’s second Refused Classification review are presently unavailable.

A citizen could be forgiven for thinking that the complexity and number of the reviews was aimed at stifling opposition to the agenda of censorship which currently runs rampant through Australian politics.

Most political parties in Australia have varying degrees of policy in favour of censorship, of which the most well known is the Australian Labor Party’s mandatory Internet filter. Of the currently registered parties opposing censorship, there is only the Australian Sex Party. The fledgling Pirate Party Australia is still seeking to join the fray. Like the Sex Party before it, the Pirate Party has encountered some difficulties with the registration process. Although not as anti-censorship on a policy level as the Sex Party or the Pirate Party, which both promote civil liberties in Australia, the Australian Greens have been vocal in their opposition to Internet censorship. The work of Senator Scott Ludlum has been considerable in this area.

One of the reasons why Australia has been able to maintain a thorough regime of censorship in comparison to most, if not all, other liberal democracies in the world is due to the lack of constitutionally guaranteed rights. There is no guarantee to freedom of speech, privacy or other rights which are frequently taken for granted in other countries. The only constitutional guarantee is that there not be a state sanctioned religion. There is privacy legislation and there have been High Court rulings on an implied right to political speech as necessary for a free and functioning democracy, but these things can be overturned by passing relevant legislation to do so.

Australia has signed and ratified the International Covenant on Civil and Political Rights, but made sure to include exceptions on Article 19. Even so, that and similar exceptions did not prevent the Australia’s treaty obligations from being used to overturn Tasmania’s anti-homosexuality legislation in the 1990s. It also hasn’t prevented the the United Nations Human Rights Council from publishing a draft review of Australia’s need for continued work to improve human rights for Australians, especially indigenous Australians and women. A number of countries have recommended constitutional reform, possibly including a Bill of Rights, in particular: Sweden, Hungary, Russia, Germany, Timor-Leste, Bosnia and Herzegovina. There were additional calls for other strengthening of human rights and civil liberties, including Australia signing and ratifying several treaties, which requires appropriate changes to legislation to meet the requirements of those treaties.

There’s clearly a long way to go in Australia on addressing issues of general human rights and civil liberties, let alone the more specific issue of censorship. One thing to remember, though, wide ranging censorship and a lack of freedom of expression makes the work on other human rights issues far more difficult.

Recent reports in The Guardian and The Independent, largely overshadowed by current events in Egypt, return to the phone hacking scandal and a renewal of the investigation into illegal activities performed by or on behalf of Rupert Murdoch’s News of the World. It is important to note that, with the exception of what apparently happened to Nick Brown’s landline, what we are talking about is not wiretapping, rather it is cracking the (poor) security of voicemail systems to access recorded messages without authorisation.

In spite of years of denials of involvement, Andy Coulson has resigned as Director of Communications for Prime Minister David Cameron. News International has fired assistant editor Ian Edmondson. While the London Metropolitan Police have finally been spurred into a new and hopefully more complete investigation. Celebrities and politicians seem intent on taking the News of the World to court for numerous breaches of their privacy.

My interest in this case is twofold.

Firstly I want to know if these activities are limited to News of the World or if they have been used by other News International or News Corporation organisations. In particular I want to know if these practices have been employed in the United States or here in Australia.

Secondly I am interested, as a professional geek, in methods of maintaining private communications. Upon the realisation that the so-called hacking was simply accessing a voicemail system, the solution to that problem was readily apparent: move the voicemail system from something under the telephone company’s control to something under one’s own control. It’s actually fairly straight forward to do with solutions available right now. Essentially it just involves forwarding missed or unanswered calls to a PABX (e.g. Asterisk) and then accessing that voicemail in a more secure manner, such as via HTTPS on any smartphone.

So I will continue to watch the case with interest and how far it does or doesn’t spread throughout the Murdoch empire. As well as seeing just how low the muckrakers will stoop for a scoop.

By now most people will have heard or read about the civil unrest in Egypt and the Egyptian government’s response of shutting down communications networks, including all Internet connectivity. This is, of course, one of the most complete forms of electronic censorship available to a totalitarian state.

Already there are people attempting to solve the technical aspects of routing around this kind of denial of service attack. In particular the OpenMesh project that has been reported on TechCrunch.

Personally I think that any solution in this area will have to involve a return to a real peer-to-peer networking model, rather than the client-server networking model that is so prevalent these days. I suspect that wireless networks will be the transmission path of choice for most such networks, at least as far as maintaining communications within a region affected by a government orchestrated black-out.

The tricky part is getting connectivity out of such a censored region without having to rely on telecommunications carriers or government controlled networks. The level of difficulty in resolving this aspect will almost certainly depend on the physical distance between the censored region and the nearest location able to provide Internet connectivity. Some more obvious and long used methods would have to include satellite and radio transmissions, but a tolerance for data or packet loss would be beneficial.

I do not know whether a wireless mesh network or even some other solution could be deployed in Egypt before the current crisis is resolved, but I do think that making sure the information to rapidly deploy one in the future is essential for defending human rights.

Five people have been arrestedinEngland for their roles in the distributed denial of service (DDoS) attacks performed by the group calling itself Anonymous, claiming to be defending WikiLeaks and retaliating over the arrest of Julian Assange.

Initially this group formed to protest the activities of the Church of Scientology, both online and offline. They opposed the authoritarian protocols and abuses of Scientology. Seeing some success there, they have moved on to opposing what they view as tyrannical censorship in other realms. In 2009 the target of their ire was the Australian Federal Government over the proposal to introduce mandatory Internet censorship in Australia.

So where is the problem? The problem lies in the hypocrisy of their tactics. A DDoS is nothing if not a tool of censorship, it prevents the free flow of information. The simple fact is that Anonymous are pathetically trying to enforce their own authority on everyone else and are doing so by using the same tactics as those they profess to oppose.

When Anonymous launched a DDoS against Australian Government servers in September of 2009, they did not prevent the Parliament from continuing to work on legislation and policy, including continued work on the censorship proposal. They did, however, risk associating their childish tactics with the work of others seeking to oppose that censorship in a more reasonable and open manner. They also prevented some people seeking information about the censorship proposal in order to rebut it. I know this because I was one of the campaigners whose research efforts were hampered by those attacks. Fortunately enough anti-censorship campaigners, particularly from the EFA, condemned the attacks quickly enough that Senator Conroy was unable to use the attacks as ammunition against the campaign against censorship. Still, there was a risk that that could have happened.

Now Anonymous have turned their attention to acting in the name of WikiLeaks and launching similar attacks against any organisation which has opposed, harmed or withdrawn support (usually of a commercial nature) from WikiLeaks or Julian Assange. They have even gone so far as to say that “Julian Assange deifies everything we hold dear.” In their eyes Assange can never, under any circumstances do or be wrong and that this is their holy crusade. Now what could possibly go wrong there?

Unsurprisingly their targets in this crusade have chosen to fight back. When commercial juggernauts like Mastercard and Visa are attacked they will retaliate with the full force of the law and indeed they have. This is not something which Anonymous have seen before and as they have not really lived up to their name, their attacks being launched by an application run on the PCs of participants, rather than using remotely controlled botnets, they have been caught. Anonymous are not nearly as clever and as powerful as they have deluded themselves into believing and now their members are beginning to pay the price for this. They have been behaving like children throwing a tantrum in an adult world and now they are going to be spanked.

Meanwhile those of us who promote and work for civil liberties around the globe in a way which does not impinge upon the freedom of our opponents will continue as we have always done. We will not miss the distractions of brats like Anonymous. Except, of course, that they’re not just going to go away after a handful of arrests. No doubt the arrests will scare some of them off, but others will want to fight back more. They will view these arrests as tyrannical oppression, rather than seeing it as an obvious consequence of attempting their own censorship regime.

Now, I suppose, it is my turn to find out whether Anonymous are willing to accept criticism online or whether I will find my own server crippled by retaliation for writing this. Well, I believe we should all be free to express our opinions so I hope that will be reciprocated and that any criticism comes in the form of comments rather than a denial of service attack.

Recently I have noticed that a number of my friends and acquaintances have had their GMail accounts compromised. While my preferred email address is on my own server, I do have a GMail address too (actually I have a couple, but only one that is really used much) and it has not been compromised. I’ve been asked about it a little bit and I figured it best to add my thoughts here regarding best practices, along with some software recommendations.

The first and most obvious recommendation is to use a strong password, ideally with a minimum of 128 bits of entropy. The best way to achieve this is to generate a suitably strong password with KeePassX (Windows users should use KeePass). KeePassX can also be used to generate and securely store passwords for any other account or site. KeePass and KeePassX store all passwords in a database that is protected by a passphrase and 256-bit AES or Twofish encryption.

The second recommendation is to never under any circumstances use the same password for multiple accounts. Passwords for one service should not be used to link it to another service where it may be exploited by an application or plugin for the second service. This way even if one service is compromised, the potential damage is limited to that service only and won’t be able to affect other accounts on different sites.

The third recommendation is to always connect using SSL/TLS. I always recommend the Mozilla Firefox browser with the EFF’s HTTPS Everywhere plugin. The Google settings for always connecting via HTTPS and enabling either or both of IMAPS and POP3S.

The fourth recommendation is to configure a proper mail client, such as Mozilla Thunderbird, to connect with IMAP over SSL. Using a proper and robust mail client, like Thunderbird, is my preferred method of accessing email, but in the case of GMail and other primarily web based email hosting does not prevent access via the web.

The fifth recommendation is to use the Tor Browser Bundle when connecting to GMail through a public wireless point or public network (e.g. an Internet café). This software includes a modified version of Firefox that incorporates HTTPS Everywhere and will help prevent session hijacking, such as that used by the Firesheep exploit. The Tor Browser Bundle is designed to run from a USB stick and does not require any installation; simply click and run.

These fairly straight forward measures should be enough to protect any GMail account from compromise and may also be applied to other web email hosts such as Hotmail or Yahoo. Although I have not checked the extent of support for SSL/TLS connections to either of those services.

Finally, I still encourage the use of the GNU Privacy Guard for securing correspondence between parties, but that is a different matter to securing the accounts themselves.